<?php

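!defined('DEBUG') AND exit('Access Denied.');

// Finance back-office front controller. The first route segment selects the
// action: 'login', 'logout', 'remind', or (anything else) the overview page.
// Relies on globals set up elsewhere: $method, $ip, $time, $user, $db, $header.
// NOTE(review): message() is presumed to end the request — confirm. The guards
// below call exit explicitly so they do not depend on that.
$action = param(1);

if($action === 'login') {

	// header() only queues a redirect; without exit the rest of the branch
	// still runs. Stop here once an already signed-in admin is redirected.
	if(admin_authority_check()) {
		header("Location:.");
		exit;
	}
	if($method === 'GET') {
		$header['title'] = "财务登录";
		include _include(ADMIN_PATH."view/htm/index_login.htm");
	} else if($method === 'POST') {
		$username = param('username');
		$password = param('password');
		$admin = db_find_one('finance',array('username'=>$username));

		// Unknown account: reject before touching any $admin[...] offset.
		// Same message as a wrong password, so the reply does not reveal
		// which accounts exist.
		if(!$admin) {
			message('password', '密码错误');
			exit;
		}

		// IP allowlist check. Compare whole addresses: a substring test
		// would accept e.g. 1.2.3.4 against an entry of 11.2.3.45.
		// NOTE(review): the storage format of allow_ips is not visible here;
		// this assumes full addresses separated by whitespace, ',', ';' or '|'.
		// If operators store prefixes or CIDR ranges, a matcher for that format
		// is needed instead.
		$allow_ips = isset($admin['allow_ips']) ? (string)$admin['allow_ips'] : '';
		if($allow_ips !== '') {
			$allowed = preg_split('/[\s,;|]+/', $allow_ips, -1, PREG_SPLIT_NO_EMPTY);
			// A non-empty field with no usable entry fails closed.
			if(!$allowed || !in_array((string)$ip, $allowed, true)) {
				message('username', 'IP不在白名单内');
				exit;
			}
		}
		// NOTE(review): the distinct allowlist message confirms to an outside
		// caller that the account exists; consider a generic failure message.

		// Strict, constant-time comparison. A loose != lets two different
		// "0e<digits>" MD5 strings compare equal as numbers.
		// NOTE(review): salted MD5 is a fast hash and weak for password storage;
		// moving to password_hash()/password_verify() needs a stored-hash
		// migration and is outside this block. No attempt throttling is visible
		// here either — confirm it exists upstream.
		$expected = md5($password.$admin['salt']);
		if(!hash_equals((string)$admin['password'], $expected)) {
			message('password', '密码错误');
			exit;
		}

		admin_token_set();
		db_update('finance', array('uid'=>$admin['uid']), array('login_time'=>$time, 'login_ip'=>$ip));
		message(0, jump('登录成功', '.'));
	}

} elseif ($action === 'logout') {

	admin_token_clean();
	header("Location:".url('index-login'));
	exit;

} else if($action === 'remind'){

	// NOTE(review): this branch performs no admin_authority_check(); confirm
	// that $user is guaranteed to be an authenticated account at this point.
	$type = (string)param(2);
	$remind = false;
	// $type comes from the request and becomes part of a file name, so accept
	// only a plain token (no '/', '.', or NUL) and force the uid to an integer.
	// NOTE(review): the set of valid remind types is not visible here; widen
	// the pattern only if a legitimate type needs other characters.
	if(preg_match('/^[A-Za-z0-9_]+$/', $type)) {
		$remind_file = '../tmp/'.'remind-'.$type.'-'.(int)$user['uid'].'.txt';
		// A missing file yields false, as the suppressed read did before.
		if(is_file($remind_file) && is_readable($remind_file)) {
			$remind = file_get_contents($remind_file);
		}
	}
	message(0, $remind);

} else {

	// Stop after the redirect: without exit an unauthenticated request would
	// still run the queries below and render the overview page.
	if(!admin_authority_check()) {
		header("Location:".url('index-login'));
		exit;
	}
	$header['title'] = '财务总览';
	$today = (int)strtotime('today');
	$month = (int)strtotime(date('Y-m-1'));
	// These statements are assembled by concatenation, so every interpolated
	// value is forced to an integer first.
	$fid = (int)$user['uid'];
	$cond = "where uid in(select uid from ".$db->tablepre."finance_power where fid=".$fid.") and status='已审核'";
	$stat = array();
	$stat['cash_total'] = db_sql_find_one("SELECT sum(coin) as total FROM ".$db->tablepre."order_cash $cond");
	$stat['cash_today'] = db_sql_find_one("SELECT sum(coin) as total FROM ".$db->tablepre."order_cash $cond and time>".$today);
	$stat['cash_month'] = db_sql_find_one("SELECT sum(coin) as total FROM ".$db->tablepre."order_cash $cond and time>".$month);

	include _include(ADMIN_PATH.'view/htm/index.htm');

}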

?>
